
On Mon, 1 Dec 2003 06:28:24 -0500 JoeHill <joehill-rieW9WUcm8FFJ04o6PK0Fg at public.gmane.org> wrote:
"Initial investigations of the security breach, which occurred on 19 November, indicate that the attacker was able to gain full control of Debian servers after logging on via unprivileged accounts, known as privilege escalation, according to James Troup, part of the team handling Debian's distribution."
http://news.zdnet.co.uk/software/developer/0,39020387,39118183,00.htm
Yet more:

"Recently multiple servers of the Debian project were compromised using a Debian developers account and an unknown root exploit. Forensics revealed a burneye encrypted exploit. Robert van der Meulen managed to decrypt the binary which revealed a kernel exploit. Study of the exploit by the RedHat and SuSE kernel and security teams quickly revealed that the exploit used an integer overflow in the brk system call. Using this bug it is possible for a userland program to trick the kernel into giving access to the full kernel address space. This problem was found in September by Andrew Morton, but unfortunately that was too late for the 2.4.22 kernel release. This bug has been fixed in kernel version 2.4.23 for the 2.4 tree and 2.6.0-test6 kernel tree. For Debian it has been fixed in version 2.4.18-12 of the kernel source packages, version 2.4.18-14 of the i386 kernel images and version 2.4.18-11 of the alpha kernel images."

Also covered in MDKSA-2003:110:

Problem Description: "A vulnerability was discovered in the Linux kernel versions 2.4.22 and previous. A flaw in bounds checking in the do_brk() function can allow a local attacker to gain root privileges. This vulnerability is known to be exploitable; an exploit is in the wild at this time. The Mandrake Linux 9.2 kernels are not vulnerable to this problem as the fix for it is already present in those kernels. MandrakeSoft encourages all users to upgrade their systems immediately."

What confuses me is that my default install of MDK 9.2 shows kernel version 2.4.22-10, but MDK says 9.2 is safe. Can someone clarify this for me?

-- 
JoeHill ++ ICQ # 280779813
Registered Linux user #282046
Homepage: www.orderinchaos.org
+++++++++++++++++++++++++++
"There are three side effects of acid: enhanced long-term memory, decreased short-term memory, and I forget the third." -- Timothy Leary
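Added example, not part of the original post and not kernel source: a simplified user-space C model of the kind of bounds-check flaw the quoted advisories describe for do_brk(), where a start address plus a length is computed in 32 bits and wraps around. The function names, the 3 GiB limit (the usual i386 user/kernel split) and the sample requests are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: 32-bit i386 layout with user space ending at 3 GiB. */
#define USER_LIMIT 0xC0000000u

/* Flawed check: the end address is formed in 32 bits, so a large
 * length wraps it around to a small value that passes the test. */
static bool range_ok_naive(uint32_t addr, uint32_t len)
{
    uint32_t end = (uint32_t)(addr + len);
    return end <= USER_LIMIT;
}

/* Hardened check: never forms addr + len; compares the length
 * against the room remaining below the limit instead. */
static bool range_ok_checked(uint32_t addr, uint32_t len)
{
    if (addr > USER_LIMIT)
        return false;
    return len <= USER_LIMIT - addr;
}

int main(void)
{
    /* Constructed sample requests: {start address, length}. */
    static const uint32_t req[][2] = {
        { 0x08048000u, 0x00001000u },  /* ordinary growth, in bounds   */
        { 0xBFFFF000u, 0x00002000u },  /* crosses the limit, no wrap   */
        { 0xBFFFF000u, 0x40002000u },  /* sum exceeds 2^32 and wraps   */
    };

    for (size_t i = 0; i < sizeof req / sizeof req[0]; i++) {
        printf("addr=0x%08x len=0x%08x naive=%s checked=%s\n",
               (unsigned)req[i][0], (unsigned)req[i][1],
               range_ok_naive(req[i][0], req[i][1]) ? "allow" : "deny",
               range_ok_checked(req[i][0], req[i][1]) ? "allow" : "deny");
    }
    return 0;
}
```

Only the third request separates the two checks: the wrapped sum looks like a low address, so the naive test allows a range that actually extends past the limit.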